From 9a198010952fab5b7767df75f645b4ef73c7b60a Mon Sep 17 00:00:00 2001
From: Johannes Schauer Marin Rodrigues
Date: Sat, 18 Mar 2023 04:53:28 +0100
Subject: [PATCH] debian-archive-keyring now puts *.asc keys into /etc/apt/trusted.gpg.d
---
 tests/ascii-armored-keys | 9 +++++++--
 tests/keyring | 7 ++++++-
 tests/signed-by-without-host-keys | 7 ++++++-
 3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/tests/ascii-armored-keys b/tests/ascii-armored-keys
index 3fe7833..b0118b5 100644
--- a/tests/ascii-armored-keys
+++ b/tests/ascii-armored-keys
@@ -5,14 +5,19 @@ if [ ! -e /mmdebstrap-testenv ]; then
 echo "this test modifies the system and should only be run inside a container" >&2
 exit 1
 fi
+for f in /etc/apt/trusted.gpg.d/*.gpg /etc/apt/trusted.gpg.d/*.asc; do
+ [ -e "$f" ] || continue
+ rm "$f"
+done
+rmdir /etc/apt/trusted.gpg.d
+mkdir /etc/apt/trusted.gpg.d
 for f in /usr/share/keyrings/*.gpg; do
 name=$(basename "$f" .gpg)
 gpg --enarmor < "/usr/share/keyrings/$name.gpg" \
 | sed 's/ PGP ARMORED FILE/ PGP PUBLIC KEY BLOCK/;/^Comment: /d' \
 > "/etc/apt/trusted.gpg.d/$name.asc"
+ rm "/usr/share/keyrings/$name.gpg"
 done
-rm /etc/apt/trusted.gpg.d/*.gpg
-rm /usr/share/keyrings/*.gpg
 {{ CMD }} --mode=root --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
 rm -r /tmp/debian-chroot.tar
diff --git a/tests/keyring b/tests/keyring
index a48f864..7308f0d 100644
--- a/tests/keyring
+++ b/tests/keyring
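Review bot: The added `rm "/usr/share/keyrings/$name.gpg"` in the conversion loop of tests/ascii-armored-keys deletes the binary keyring without confirming that the armored copy was actually written. The exit status of the `gpg --enarmor | sed` pipeline is that of `sed`, so unless `pipefail` is enabled above the hunk, a failing `gpg` leaves an empty `.asc` file and the source key is removed anyway. The test would then fail later during signature verification instead of at the conversion step. A guard placed before the removal, `[ -s "/etc/apt/trusted.gpg.d/$name.asc" ]`, would stop at the real cause, assuming the script runs under `set -e` (not visible in this hunk).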
@@ -5,7 +5,12 @@ if [ ! -e /mmdebstrap-testenv ]; then
 echo "this test modifies the system and should only be run inside a container" >&2
 exit 1
 fi
-rm /etc/apt/trusted.gpg.d/*.gpg
+for f in /etc/apt/trusted.gpg.d/*.gpg /etc/apt/trusted.gpg.d/*.asc; do
+ [ -e "$f" ] || continue
+ rm "$f"
+done
+rmdir /etc/apt/trusted.gpg.d
+mkdir /etc/apt/trusted.gpg.d
 {{ CMD }} --mode=root --variant=apt --keyring=/usr/share/keyrings/debian-archive-keyring.gpg --keyring=/usr/share/keyrings/ {{ DIST }} /tmp/debian-chroot "deb {{ MIRROR }} {{ DIST }} main"
 # make sure that no [signedby=...] managed to make it into the sources.list
 echo "deb {{ MIRROR }} {{ DIST }} main" | cmp /tmp/debian-chroot/etc/apt/sources.list -
diff --git a/tests/signed-by-without-host-keys b/tests/signed-by-without-host-keys
index ec630de..470a9de 100644
--- a/tests/signed-by-without-host-keys
+++ b/tests/signed-by-without-host-keys
@@ -5,7 +5,12 @@ if [ ! -e /mmdebstrap-testenv ]; then
 echo "this test modifies the system and should only be run inside a container" >&2
 exit 1
 fi
-rm /etc/apt/trusted.gpg.d/*.gpg
+for f in /etc/apt/trusted.gpg.d/*.gpg /etc/apt/trusted.gpg.d/*.asc; do
+ [ -e "$f" ] || continue
+ rm "$f"
+done
+rmdir /etc/apt/trusted.gpg.d
+mkdir /etc/apt/trusted.gpg.d
 {{ CMD }} --mode=root --variant=apt {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
 printf 'deb [signed-by="/usr/share/keyrings/debian-archive-keyring.gpg"] {{ MIRROR }} {{ DIST }} main\n' | cmp /tmp/debian-chroot/etc/apt/sources.list -
 tar -C /tmp/debian-chroot --one-file-system -c . | tar -t | sort | diff -u tar1.txt -
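Review bot: The `rmdir`/`mkdir` pair added after the cleanup loop in tests/keyring carries an unstated assertion that deserves a comment. The loop removes only `*.gpg` and `*.asc` entries, and `[ -e "$f" ]` skips a dangling symlink, so `rmdir` is the one step that fails if anything else is left in the host trust directory. Assuming the script runs under `set -e` above the hunk, that failure aborts the test before the command under test runs. A comment such as `# rmdir fails unless the host trust directory is now completely empty` would record the intent. The same six lines are added in tests/ascii-armored-keys and tests/signed-by-without-host-keys and want the same comment.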